Medical records hold a mass amount of data. These include not only the medical diagnosis but may also include payment information along with health insurance data. Per each individual record, the sales price may not be large, however, the value resides more in the data itself. The price depends on not only the data in each file but also how these are bundled.
The medical records are limited as to the access. Not every person in the medical facility requires access to these. The data may lure staff members of the medical facility to view these records, when not authorized, to gain knowledge. Certainly, this could be more of a curiosity issue or more of a malicious slant with the exfiltration and sale of the data. In prior years, this had occurred with celebrities or other prominent figures.
Another incident of this type occurred recently. Sutter Health in California recently fired two employees after they accessed medical records. Normally this would not be an issue as many persons are allowed to view medical records as part of their role and responsibility for their position, however, the staff members were not authorized to do so. The two employees allegedly accessed the medical records of Joseph DeAngelo. He is suspected to be the Golden State Killer.
Naturally, medical records are to be held in an exceptionally secure manner and accessed by authorized parties only when required for their position. This not only includes data segregation and encryption but also authorization.
No comments:
Post a Comment